On a cPanel server, the default user name is very easy to guess. For example, if the domain name is yourdomain.com, the user name will be yourdoma or something similar. An attacker can therefore easily brute-force the account and gain FTP access to upload suspicious PHP shells under your account. Using PHP shells, the attacker can carry out mass defacement on the server, injecting malicious code into every index file or PHP file.
We can mitigate such attacks to some degree by disabling the default FTP login on the cPanel web server.
How can we do this? Use the following steps.
Edit the following file:
root@HR-root# vim /usr/local/cpanel/bin/ftpupdate
Search for the following line and comment it out using #:
# print FTPASS join( ':', $system_user, $entry->[1], $entry->[2], $entry->[3], $entry->[6], $entry->[7], $entry->[8] ) . "\n";
$vhosts->{$system_user} = join( ':', $system_user, $entry->[1], $entry->[2], $entry->[3], $entry->[6], $entry->[7], $entry->[8] ) . "\n";
After that, run the ftpupdate command to apply the change:
root@HR-root# /usr/local/cpanel/bin/ftpupdate
That's all.
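The manual edit above, scripted so it can be repeated safely and reverted (an added example, not part of the original post and not cPanel tooling). The function names, the .orig backup suffix and the sample file are assumptions; the script assumes the target line begins with `print FTPASS join(` as shown above and refuses to touch a file where it does not.

```shell
#!/bin/sh
# Usage as root: sh this_script /usr/local/cpanel/bin/ftpupdate
# Then run /usr/local/cpanel/bin/ftpupdate as described above.

# comment_ftpass FILE
# returns 0 = commented now or already commented, 2 = line not found, 3 = no file
comment_ftpass() {
    f=$1
    [ -f "$f" ] || return 3
    pat='^[[:space:]]*print FTPASS join\('
    live=$(grep -Ec "$pat" "$f" || true)
    if [ "$live" -eq 0 ]; then
        # Nothing live: fine if a commented copy exists; otherwise the file
        # differs from the layout described above, so do not guess.
        grep -Eq '^[[:space:]]*#[[:space:]]*print FTPASS join\(' "$f" && return 0
        return 2
    fi
    # Keep the first pristine copy only; never overwrite it on re-runs.
    [ -e "$f.orig" ] || cp -p "$f" "$f.orig"
    tmp=$(mktemp) || return 1
    sed 's/^\([[:space:]]*\)print FTPASS join(/\1# print FTPASS join(/' "$f" > "$tmp"
    # Write back into the existing file so owner and mode stay unchanged.
    cat "$tmp" > "$f"
    rm -f "$tmp"
    return 0
}

# Constructed stand-in for the two lines shown above (not the real script).
make_sample() {
    cat > "$1" <<'EOF'
    print FTPASS join( ':', $system_user, $entry->[1], $entry->[2] ) . "\n";
    $vhosts->{$system_user} = join( ':', $system_user, $entry->[1], $entry->[2] ) . "\n";
EOF
}

if [ -n "${1:-}" ]; then
    comment_ftpass "$1"
    echo "comment_ftpass exit status: $?"
fi
```

To undo the change, copy the .orig file back over the edited one and run ftpupdate again.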